Microsoft has revealed that a support agent’s credentials were compromised for its webmail service for a 3-month window from January 1st and March 28th, 2019. They had notified these Outlook.com users about this outage.
The company says hackers could have viewed folder names, email addresses, and the subject line of the mail, but not the content of the attached files or emails. The credentials that were used in the attack have since been disabled.
According to a statement by Microsoft, the company informed the users whose account information was affected by this breach. Although no account passwords were accessible by the hackers, Microsoft is recommending resetting their passwords to be on the safer side.
“Microsoft regrets any inconvenience caused by this issue,” says the security notification. “Please be assured that Microsoft takes data protection very seriously and has engaged it’s internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.